Microsoft has been holding the axe over Basic Auth in Exchange Online for years. Well today, the company is finally swinging it, sending Basic Auth into the sunset. With Basic Auth ending, Microsoft is replacing it across Offline Address Book (OAB), RPC, POP, Exchange Web Services (EWS), IMAP, MAPI, and Remote PowerShell.
As for its replacement, Microsoft is recommending customers start using the more secure Modern Authentication (OAuth 2.0).
Microsoft has been promising this shutoff for several years, much to the dismay of many Exchange Online customers. However, as the company promised, the depreciation of Basic Auth will happen gradually.
The October 1 end date is merely the start of the process. In April, Microsoft announced the date for the shutoff would be October 1. Furthermore, the company took the unique approach of contacting customers directly to tell them about the ending support of Basic Auth.
Microsoft will roll the depreciation into 2023. That means customers not ready can currently re-enable Basic Auth via the self-diagnostic tool. This approach will work until December before Microsoft closes support permanently in early January.
According to Microsoft, if it contacts a tenant to tell them about the disabling of Basic Auth, the customer will have seven days to comply. So, it is worth tenants being ready from this week because Microsoft does not seem to have a firm contact plan and is contacting customers randomly.
Basic Auth (Basic Authentication) works by a website visitor is asked for a username and password. Microsoft is replacing the system for Exchange Online with the new Modern Authentication, which combines various authentication practices.
You can check out all the details in Microsoft's official guidance.